SCS-C02 · Question #139
SCS-C02 Question #139: Real Exam Question with Answer & Explanation
Sign in or unlock SCS-C02 to reveal the answer and full explanation for question #139. The question stem and answer options stay visible for context.
Question
A company is testing its incident response plan for compromised credentials. The company runs a database on an Amazon EC2 instance and stores the sensitive database credentials as a secret in AWS Secrets Manager. The secret has rotation configured with an AWS Lambda function that uses the generic rotation function template. The EC2 instance and the Lambda function are deployed in the same private subnet. The VPC has a Secrets Manager VPC endpoint. A security engineer discovers that the secret cannot rotate. The security engineer determines that the VPC endpoint is working as intended. The Amazon CloudWatch logs contain the following error: "setSecret: Unable to log into database". Which solution will resolve this error?
Options
- AUse the AWS Management Console to edit the JSON structure of the secret in Secrets Manager
- BEnsure that the security group that is attached to the Lambda function allows outbound
- CUse the Secrets Manager list-secrets command in the AWS CLI to list the secret. Identify the
- DAdd an internet gateway to the VPC. Create a NAT gateway in a public subnet. Update the VPC
Unlock SCS-C02 to see the answer
You've previewed enough free SCS-C02 questions. Unlock SCS-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.